Archive | Domain Names

As ICANN attempts to persuade the world that it deserves to be cut loose from the apron-strings of the United States’ government, it is perhaps appropriate to review whether it is fulfilling the requirements of its founding community, never mind going forward.

The ICANN by-laws state, in Section 1 of Bylaw 3 that:

The Corporation and its subordinate entities shall operate to t’he maximum extent feasible in an open and transparent manner and consistent with procedures designed to ensure fairness.

Now this is pretty unambiguous. In the first few ICANN meetings this meant that anyone could participate in the work of ICANN. You just turned up, registered (at no cost), attend and speak the sessions that interested you.

The Government Advisory Committee was a special case — it was formed specifically outside of ICANN, so it is not bound by the bylaws, and membership is restricted to accredited representatives of governments and multi-national organisations.

GAC meetings were originally held entirely behind closed doors, leading to all kinds of speculations. But over the years, the GAC began to feel more and more comfortable — holding joint meetings with other constutiencies and become more transparent. And we learned that, far from devil-worship, the GAC were doing extremely useful work that quite often had a lot in common with the ccTLD community.

Unfortunately, ICANN itself seemed to be going the other way.

In recent years, the perception is that more and more meetings were being held behind closed doors. You only have to look at the proliferation of the ‘CLOSED’ tags on the schedule.

And many of these ‘closed meetings’ are unnecessarily so.

I’ve been in a number of meetings when literally none of the participant knew why it had been scheduled behind closed doors.

It’s fairly self-eviden that if there’s a meeting of the members of a particular Council, or Working Group, that the participants in that group are the only people you’d expect to be debating, but there’s no reason why the general public can’t attend, and follow the discussions.

Transparency demands it, in fact.

The only time a meeting needs to resolve to close its doors, is if, for example it is discussing staff salaries, appointments, or reviewing privileged legal advice.

It was that dangerous radical, Margaret Thatcher, who in 1962, in a Private Members Bill, brought transparency to English local government.

Given the binding nature of the by-law that requires the ‘maximum feasible’ transparency, ICANN should not be doing worse.

In an earlier article I wrote about the court case of Ben Haim (& others) -v- Iran (& others) where the successful Claimants (Plaintiffs) were attempting to attach the Iranian, Syrian and (just for good measure) North Korean country code domain names (.IR, .SY and .KP) and wanted ICANN to hand them over, and took it to court to force it.

A DC court rebuffed the attempt stating that while top-level domains might be property (like any other domain name) they weren’t the sort of property that could be garnished.

Well, as I write this in the aftermath of the Sony hack, and what seem to be countermeasures taking North Korean off the Internet entirely, details are slowly emerging that (not entirely unexpectedly, given their historic persistence) the Claimants, or at least one of them, has launched an appeal.

What is mildly interesting is that it’s just one of the Claimants (lead Plaintiff Seth Ben Haim, and just one of the Defendants (Iran). All the Court filing says is, in essence “I appeal”.

You don’t have to be legally qualified to work out that this is a placeholder, designed to ‘stop the clock’. It also allows the Plaintiffs a breathing space so they can work out whether Washington, DC is the best forum to haul ICANN into court.

Even if, as Judge Landreth clearly foreshadows, (cc)TLDs are property, if .COM names can’t be attached in DC, then the Claimant’s may still have some difficulty with attaching TLDs (which after all, are just dotless domain names).

(1) An oyster or similar bivalve mollusk in the larval stage, especially when it settles to the bottom and begins to develop a shell. (2) A cloth or leather gaiter covering the shoe upper and the ankle and fastening under the shoe with a strap: The waiter wore spats as part of his uniform.. (3) A brief quarrel. (4) [Informal] A slap or smack. (5) A spattering sound, as of raindrops.

There’s a spat between MarkMonitor and the Non Commercials.

You can read about it here. To be honest, even after reading this twice, I’ve no idea what the issue might have been.But whatever it was, I hadn’t heard of it before the refutation was publicised.

I’ve just returned from Beijing, China whereICANNheld its 46th International Meeting.

As many of you know, ICANN is a strange and interesting organisation. Part United Nations of the Internet, part International Olympic Committee, part knockabout yah-boo-sucks debating chamber (like the British House of Commons, perhaps with Marilyn Cade in the part of the late Margaret Thatcher), part charitable good cause, part travel club, and a few other things I’ve no doubt overlooked.

But I’m getting the feeling that somehow, in all of this, something fundamental is starting to be overlooked.

When ICANN was founded (and I was — as one of the participants in the US Government’s International Forum on the White Paper — one of ICANN’s founding “members”¹), it was designed, by Ira Magaziner and the rest of us to be a multi-stakeholder, agile, organisation that “co-ordinated” internet naming matters.

That sort of organisation was needed because “internet time” moves at a much quicker pace than normal intergovernmental regulation could hope to keep up with technological development.

But — it seems — ICANN is beginning to do what it should not, and stray into matters of content. Although some of the more authoritarian governments are attempting to use ICANN as a lever to control content (such objections to .GAY and .HIV), it’s not only from such quarters that the challenges to fundmental rights are coming.

ICANN will have to find a path through this thicket.

It appears to me that new CEO Fadi Chehadé may (and at this point I only say ‘may’) be the right person to do it.

Certainly, it seems to me the celebrity Hollywood style of his predecessor, although highly entertaining would — if allowed to continue — have probably sunk the boat.

Now back from China, I am reminded of an ancient chinese curse:

‘May you live in interesting times’

(¹ I put ‘members’ in quotes becuase, peculiarly, for a non-profit org, it HAS no members).

The ISO-3166-1 country code list is not a static thing. New countries and territories appear on the list. Others disappear.

In the 20 or so years I’ve been dealing with these things professionally there are many examples. The Aaland Islands (AX) for example, and South Sudan (SS) have appeared. Yugoslavia (YU) and the German Democratic Republic (DD) have disappeared. Guernsey and Jersey (GG and JE) were added to the list in 2006.

Yet many e-commerce websites I see have drop-down lists for “Country” in their address entry fields are missing many of the recent additions to the list.

Leaving aside the fact, that in some circumstances the list is just the wrong thing to use (for example airlines using the list to classify passport details — the ISO list is NOT the same as a list of nationalities), why would any website developer intentionally choose to use a seriously outdated list, when the current list, and announcements as to changes is easily accessible these days from ISO itself who even publish a change-tracking page.

This has real serious economic effects on individuals. Guernsey and Jersey residents often end up paying a surcharge of 20% on goods ordered over the web as a direct result of this

Now, maybe I’m being picky, but I think if you advertise yourselves as specialists in search engineering you ought to know what the correct ISO list contains.

After all, a website’s location and target audience does form part of the myriad inputs to Google’s magical PageRank algorithm, don’t they?

I was on the point of ordering a particular SEO firms service (I won’t mention them to spare their blushes, but I can see their name as I write this).

But when I got to the address form, guess what — the drop down list didn’t include an option for the particular country/territory the organisation I was planning to order the service for. So guess what — that particular SEO firm lost a sale.

Is YOUR site up-t0-date?

PS: By the way, although I just checked that everything that should be there on our own webforms, is, to prove it, here’s a little challenge, which will help us in our own quality control.

Now there’ve been some fairly recent changes to the ISO list — and the first person who identifies an instance of a missing country code in any of the webforms on WWW.CHANNELISLES.NET will win a CHANNELISLES.NET USB key (Note: this is a great little device — it’s got masses of storage, it’s in the shape of a real key, and fits on your keyring with your house keys so you always have it with you).

We’ll also offer another USB key for the person who submits the website (any website, anywhere in the world) that has the a drop-down list with the most missing entries.

A ‘source close to’ ICANN, the International Organisation responsbile for the co-ordination of the internet’s naming system, tells me that they are :

“assuming that every inbound/outbound IP packet over the course of the ICANN conference will be thoroughly inspected and dissected” and that “it’s likely that it will be impossible or extremely difficult for anyone attending to establish a VPN.”

First of all, I doubt things will be as blatant as this. Beijing is not Pyongyang.

China is the worlds largest nation, Its prosperity depends on its relationships with the rest of the world. No matter what it does with its own population’s access to information, it seems to me that it is not likely to jeopardise its standing in the world by excessively locking down normal standard internet access for some of the most important people in the internet world while they meet in its capital to decide the future shape of the ‘net.

Of course that doesn’t mean that things will be quite as straightforward as they are in, say, Canada or Germany. China hosted a similar (but smaller) international meeting in Shanghai somewhat over ten years ago. Most things worked. I did find BBC news to be inaccessible — which was a bit of a black mark — but that was just a duhka, easily overcome with the right kind of meditation.

I mean, really, you are probably not as important as you think you are.

But, if you work for a corporation, you do have a duty of care to your employers and shareholders so you should not be blind to the possibilities.

The easiest thing is, that unless you have skills in data destruction (DBAN is your friend), it would be quite sensible to take a brand new laptop to Beijing. Data can’t be stolen from it if it was never there in the first place.

And, unless you are going to keep your electronics close to your breast 24 hours a day, even when sleeping, it seems to me that, rather than interception of your emails, the biggest threat is that of the ‘evil maid attack’.

If you leave a laptop unattended for even a short time, mirroring your harddisk is a trivial task for someone who has physical access to it.

You can buy a cheap netbook at Tesco (UK) or BestBuy (US) for not much more than two or three hundred dollars. Cheap at twice the price. There are slightly more sophisticated techniques you can use, too.

Secondly, don’t forget that you might have sensitive information etc on your tablets and iPhones. Leave them at home and take a new GSM only device if there’s a possibility of commercially sensitive data being on them.

Finally, if my sources worst fears are confirmed, and you find that after all you cant ‘call home’ securely (i.e. using your corporate VPN) over the internet, then just sit back and enjoy the holiday away from the routine rush of work emails.

No complex information system can be guaranteed problem-free. Everyone who manages or runs such systems is in a glass house, and it behoves us to be constructive in our criticism.

I spend a lot of my professional life running game-theory situations about what to do to fix systems (including human systems) that break under unexpected loads and I think it’s a little harsh on ICANN to scream about this. There’s a tinge of schadenfreude in this afternoon’s commentary, I think.

You see, ICANN’s greatest problem is really one perception. It has set it itself up, over an evolutionary period of 15 years (gosh, is it really that long?) as, to use a common phrase I hear, as “the galactic lords of the Internet”.

And a common, but unspoken, thesis among ICANN people (and by that I do not distinguish between staff and participants) is that ‘Daddy knows best’.

But those of us who know (and still have a great deal of affection for) ICANN know it as being (these days) entirely well-meaning, but not always as sharp as it might be.

One rumour is that the site was attacked by Anonymous. There’s no shame if that’s true — they had the resources to take the UK interior ministry’s website down last week, after all!

But the reality seems to be emerggin, is that ICANN in its insistence on micromanaging the business models of TLD applicants, wanted EPP schemas in the applications.

Now EPP is based on XML which like HTML has lots of < and > characters. And the latest information is that ICANN’s application system may not have been able to handle those Yes, really! (If they can’t handle that, what about Unicode characters like you find in IDNS!)

If this is true, it tells me one thing.

ICANN didn’t test its system as it should have done.

That is to say, its likely that no dummy application was made by ICANN before releasing the system to go live with one of the most important systems on which several million dollars worth of applicant’s businesses were required to rely?

It begs a question as to whether an organization that is happy with this level of testing should be regarded as suitable for being awarded the contract to run the IANA and one of the 13 root-servers on which we all rely. But that’s a matter for others to ponder, not me.

I’m really not going to throw rocks. They have enough to cope with, without me sniping. They need a little space to get their act together now. So maybe we should leave the poor so-and-sos be?

But why has it taken him till the lame-duck phase of his reign for him to speak up?

Back in the early days, ICANN CEO Stuart Lynn similarly criticised the structure of the original ICANN, which led to the abolition of elections and the creation of the Nominating Committee under the banner “ICANN 2.0”.

But he did this early on, and actually achieved the changes to ICANN that produced the current structure. Whether you liked them or not (and the abolition of elections was something that was, perhaps, to be regretted), Lynn had the time to follow through, and implement.

Sadly, Rod’s contribution just sounds like the plaintive cry of an albatross flying off into the distance.

It seems clear to me that the next field of engagement over fundamental rights is going to involve the Domain Name System. The recent skirmishes over SOPA (the proposed Stop Online Piracy Act, recently holed below the waterline by Pres. Obama) seems to confirm this view.

The DNS is the technical system at the heart of what nearly everyone who uses the Internet does.

It enables people and applications to locate things on the Internet. Things such as website addresses, email servers and many other things. Watch the video at youtu.be/lsutsPeCbak.

The DNS is run by a diverse group of people and organisations which evolved from the Internet’s early research within academia. This group includes universities, government agencies and private businesses and is co-ordinated at its apex by a California organisation called the Internet Corporation for Assigned Names and Numbers (ICANN).

A recently hot topic in the DNS world is something called ‘Notice and Takedown’.

That is to say, “someone” (in the British Isles this is most usually the owner of some intellectual property or an organisation such as the Internet Watch Foundation which monitors the Internet for illegal content such as child abuse images or extreme pornography) will send a Notice to an ISP or domain name registrar to inform them that a domain name (or web address) is being used by what is becoming known in the industry as ‘bad actor’.

The recipient of such a Notice is then expected to take the appropriate action; the expectation being that the domain name concerned is blocked, filtered or ‘taken down’.

Much of the activity, as you might expect, in this regard has come from IP rights-owners as well as anti-phishing & anti-spam organisations.

Now your author’s anti-spam credentials cannot be doubted but it is submitted that there are significant dangers in the understandable wish of registrars, ISPs and others to ‘do the right thing’. One insufficiently considered action could pose great reputational or even existential risk to the ISP executing takedown. On the other hand, there are equally significant risks to inaction as well.

There is a certain amoun of protection in Europe law for ‘mere conduits’, for example, under the e-commerce Directive.

But what if a registry (rather than a registra) receives a notice drawing its attention to the fact that a domain name is being used for bad purposes?

Such bad behaviour doesn’t have to be illegal (that is to say, criminal) conduct. It can equally well be an infringment of the civil rights of a third party, such as a defamation.

In England, defamation is a very great risk for any person or organisation that can be said to publish or assist publication. Ask any newspaper editor.

The UK libel laws are archaic and arcane. This basically means that it is extremely risky and extremely expensive to be either a Claimant or a Defendant, whether willingly or unwillingly.

Indeed, it’s no surprise that one of the early cases on the principles of notice and takedown are set out early on in an internet libel case in England .. Godfrey -v- Demon Internet.

The effects of that regime on intermediaries has been ameliorated by subsequent European legislation — the e-commerce Directive but nonetheless, it is clear that not only are there risks to an ISP or registrar or registrar in taking positive action over a domain name that is alleged to be being used for illegal (criminal) or unlawful (civil) purposes, there are risks in NOT taking action.

I predict this debate will continue for several years, and is likely to engage the law enforcement, legislative and judicial authorities in a number of countries at the highest levels.